Remarks 



All pending claims, i.e., claims 1, 3-6, 9-11, 13, 16-21, 23-27, 29-32, 35-37, 39, 42-47, 
49-54, 56-59, 62-64, 66, 69-74 & 76-79 stand rejected under 35 U.S.C. §103(a) as being 
unpatentable over Makower et al (U.S. Patent Application Publication No,: US 2002/0184507 
Al; hereinafter Makower), in view of Cuomo et al. (U.S. Patent Application Publication US 
2002/0091757; hereinafter Cuomo). This rejection is respectfiiUy, but most strenuously, 
traversed and reconsideration and withdrawal thereof are respectfiiUy requested. 

Applicants request reconsideration and withdrawal of the obviousness rejection on the 
following grounds: (1) the Office Action fails to state a prima facie case of obviousness; (2) the 
Office Action has misinterpreted the teachings of Makower, and the teachings of Cuomo, thus 
voiding the basis for the rejection; (3) the combination of the documents set forth in the final 
Office Action fails to suggest Applicants' invention; (4) the documents themselves lack any 
teaching, suggestion or incentive for their fiirther modification as necessary to achieve 
Applicants' recited invention; and (5) the combination, to the extent characterized in the Office 
Action, is a hindsight reconstruction of the claimed invention using Applicants' own disclosed 
subject matter. 

(1) & (2) Office Action Fails to State a Prima Facie Case of Obviousness, and 
Misinterprets the teachings of Makower & Cuomo: 

To support a conclusion that a claimed invention is directed to obvious subject matter, 
either the references must expressly or impliedly suggest the claimed invention or the Examiner 
must present a convincing line of reasoning why the artisan would have foimd the claimed 
invention to have been obvious in light of the teachings of the references. Ex parte Clapp 221 
U.S.P.Q. 972, 973 (BPAI 1985); (MPEP §706.02(j)). In this case, the rejection to the claims is 
principally presented as a repetition of Applicants' claim language with specific paragraphs of 
Makower or Cuomo being cited. No fiirther line of reasoning is presented by the Examiner as to 
why one or more aspects of Applicants' invention would have been obvious in light of the 
teachings of the references. Therefore, Applicants understand that the Office Action is alleging 
that the specifically cited paragraphs in Makower and Cuomo expressly or impliedly suggest 
their claimed invention. As explained fiirther below, such a conclusion is believed clearly 
unsupported by the teachings and suggestions of Makower and Cuomo. For this reason, the 
Office Action fails to state a prima facie case of obviousness against Applicants' claimed 
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invention. By way of example, numerous aspects of Applicants' independent claims 1, 27, 53 & 
54 are separately discussed below. 

Applicants claim an authentication identity translation method which includes: 

• establishing an authenticated user identity at an initial server 
responsive to an identification and authentication event within a 
domain comprising the initial server and at least one subsequent 
server, the identification and authentication event occurring at the 
initial server, the initial server and the at least one subsequent server 
each employing disparate user registries with different user 
identities, the disparate user registries being separately maintained 
by the server and being logically represented in a global registry 
maintained by a domain controller, the global registry including 
information that establishes a correspondence between the user 
identity in the initial server and a corresponding, local user identity 
within the at least one subsequent server; 

• generating a translation token representative of the identification and 
authentication event and providing the translation token to the 
domain controller, storing the translation token by the domain 
controller and obtaining a token reference from the domain 
controller, the token reference comprising an index to the stored 
translation token within the domain controller; 

• forwarding the token reference from the initial server to the at least 
one subsequent server along with a request; 

• translating the authenticated user identity of the initial server to a 
local user identity of the at least one subsequent server, wherein the 
at least one subsequent server initiates the translating employing the 
token reference received from the initial server; 

• the translating \nc\\xd\ng forwarding the token reference from the at 
least one subsequent server to the domain controller; 

• employing the token reference at the domain controller to retrieve 
the translation token and translate the authenticated user identity of 
the initial server to the local user identity of the at least one 
subsequent server employing the global registry of the 
corresponding user identities maintained by the domain controller. 

Applicants respectfully submit that to the extent the Office Action addresses the above- 
scripted language of Applicants' recited invention, it misinterprets the teachings of Makower and 
Cuomo. Each scripted function of Applicants' facility is separately addressed below. 
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(A) Generating a token representative of the identification and authentication event 
and providing the translation token to the domain controller, storing the 
translation token by the domain controller and obtaining a token reference from 
the domain controller, the token reference comprising an index to the stored 
translation token within the domain controller. 

Without explanation, the Office Action simply provides a citation to paragraph [0033] of 
Makower as allegedly teaching this aspect of Applicants' recited invention. Paragraph [0033] of 
Makower states: 

Having created a nevs^ session for the client user 42, the web server 20 
sends a request to the central sign-on server 32 (step 418). In the preferred 
implementation the request is an encrypted HTTP request. The HTTP 
request to the central sign-on server 32 includes the challenge generated in 
step 204 of FIG. 2, a time-out value for the session (v^hich in one 
implementation may be a set number of milliseconds, seconds, minutes or 
other time interval until the expiration of the session), and a parameter 
specifying that a new session has been created. The parameter specifying 
that a new session has been created on the web server 20 includes at least 
the log-in identification on the web server 20 of the client browser 42 for 
whom the new session has been created. Additionally, the HTTP request 
to the central sign-on server 32 will include a digital signature using the 
web browser's private key. In the preferred implementation, the digital 
signature will be for use with all information sent to the central sign-on 
server 32, including the challenge, the time-out value, and the parameter 
specifying that the new session has been created. 

As taught by Makower, a request is sent from the web server 20 to the central sign-on server 32. 
This request includes a parameter specifying that a new session has been created for a client user 
42. The parameter specifying the new session has been created on the web server 20 includes at 
least one login identification of the web server 20 of the client browser 42 for whom the new 
session has been created. Applicants respectfully submit that this teaching fails to suggest their 
recited functionality at issue. 

For example, in addition to generating the translation token representative of the 
identification and authentication event occurring at the initial server, Applicants recite providing 
the translation token to the domain controller and storing the translation token at the domain 
controller. Paragraph [0033] of Makower fails to teach or suggest storage of such a translation 
token by the domain controller. 
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Further, a careful reading of Makower paragraph [0033] fails to suggest that a token 
reference is obtained from the domain controller which is an index to the stored translation token 
at the domain controller. The above-cited material from Makower is simply not relevant to this 
functionality of Applicants' invention. As such, Applicants respectfully submit that the Office 
Action fails to state a prima facie case of obviousness against the independent claims presented. 

(B) Forwarding the token reference from the initial server to the at least one 
subsequent server along with a request. 

The Office expressly notes that Makower does not teach forwarding of a token reference 
from the initial server to the at least one subsequent server along with a request, but then cites 
paragraph [0009] of Cuomo for such a teaching. This is believed to be a mischaracterization of 
the teachings of paragraph [0009] of Cuomo. 

Cuomo paragraph [0009] teaches: 

The present invention provides a method, apparatus and computer 
implemented instructions for handling requests in a network data 
processing system. The network data processing system includes a 
network and clients connected to the network. A first server is present in 
which the first server receives a request from a client to access a resource, 
performs an authentication process with the client, adds and/or modifies 
information in the request in which the information indicates that the 
request is from a trusted source to form a modified request, and sends the 
modified request for processing. This modified request is received by a 
second server. This second server determines whether the first server is a 
trusted server based on the information, and provides access to the 
resource in response to a determination that the first server is a trusted 
server, the trusted server has already authenticated the end user who made 
this request and the end user is authorized to the requested resource. 

Cuomo is teaching a different environment than that recited in Applicants' invention. In Cuomo, 
there is a dependence on a trusted relationship being established between a chain of servers. 
There is no domain controller that provides a token reference after storing a translation token 
generated responsive to the identification and authentication event occurring at the initial server. 
To the extent relevant, Cuomo simply teaches the forwarding of a request from one server to 
another server. This patent does not teach or suggest the forwarding of a token reference (as the 
term is expressly defined in Applicants' independent claims) from an initial server to at least one 
subsequent server along with a request. Since the clear language of the paragraph does not teach 
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or imply Applicants' recited functionality, it is respectfully submitted that the Office Action fails 
to state a prima facie case of obviousness against the claims presented. 

(C) Wherein the at least one subsequent server initiates the translating employing the 
token reference received from the initial server. 

It appears that the Office Action at page 3, lines 17-20 is citing Makower paragraph 
[0030] for Applicants' recited functionality wherein the at least one subsequent server initiates 
the translating employing the token reference received from the initial server, 

Makower paragraph [0030] states: 

After receiving the information (step 210), the central sign-on server 32 
attempts to recognize the client browser 42 (step 212). In one 
implementation, the central sign-on server's attempt to recognize the client 
browser 42 is via a cookie on the client browser 42. In this 
implementation, if no such cookie exists on the client browser 42, then the 
client browser 42 likely has not established a session on any of the servers 
of the federation (step 214). 

Applicants respectfully submit that a careful reading of the above-noted citation of Makower 
fails to uncover any relevance to Applicants' recited functionality. In the cited paragraph of 
Makowever, the central sign-on server is attempting to recognize the client browser by 
determining whether a cookie exists on the client browser. This determination is simply not 
relevant to Applicants' claimed invention. In Applicants' invention, the translating of the 
authenticated user identity from the initial server to the local user identity at the at least one 
subsequent server is initiated by the at least one subsequent server employing the token reference 
received from the initial server. Again, as outlined above, the token reference is received from 
the domain controller with storage of the translation token, and is an index to the stored 
translation token within the domain controller. Paragraph [0030] of Makower is simply not 
relevant to the claimed function. 

For this additional reason. Applicants respectfully submit that the Office Action fails to 
state a prima facie case of obviousness against the claims presented. 
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(D) Forwarding the token reference from the at least one subsequent server to the 
domain controller. 

Again, to the extent that this function is addressed in the Office Action, paragraph [0030] 
of Makower is cited. However, as noted above, this paragraph clearly does not discuss a token 
reference as defined in the independent claims presented, nor is there a forwarding of such a 
token reference fi'om at least one subsequent server to a domain controller. Paragraph [0030] of 
Makower is simply teaching that the central sign-on server attempts to recognize the client 
browser by determining whether the client browser has a pre-existing cookie. This teaching is 
not relevant to the recited functionality. As such, Applicants respectfully submit that the Office 
Action fails to state a prima facie case of obviousness against the claims presented. 

(E) Employing the token reference at the domain controller to retrieve the translation 
token and translate the authenticated user identity of the initial server to the local 
user identity of the at least one subsequent server employing the global registry of 
the corresponding user identity maintained by the domain controller. 

The Office Action cites paragraphs [0035] & [0036] of Makower. These, paragraphs of 
Makower teach that in one implementation, the central sign-on server 32 is able to map that 
client browser's user name for the web server 20, it is able to map the client browser's user name 
for each server within the federation of servers. Notwithstanding this teaching. Applicants 
respectfully submit that the particular functionality at issue is simply not taught or suggested by 
Makower in paragraphs [0035] & [0036]. There is no token reference as the term is defined in 
the claims, nor is there any use of a token reference in Makower that would allow retrieval of a 
translation token that is then used to translate the authenticated user identity of the initial server 
to the local user identity at the at least one subsequent server employing the global registry. 
Although Makower does discuss mapping a client browser's user name for each server within the 
federation of servers, this does not teach or suggest the particular translation mechanism recited 
by Applicants in the independent claims presented. As such. Applicants respectfully submit that 
the Office Action fails to state a prima facie case of obviousness against their claims. 
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(3), (4) & (5) The Combination of Makower and Cuomo Fails to Disclose Applicants ' 

Invention, and The Documents Themselves Lack Any Incentive for this Further 
Modification as Necessary to Achieve Applicants ' Recited Invention: 

Without acquiescing to the combination proposed, Applicants respectfully submit that 
the resultant combination of Makower and Cuomo as set forth in the Office Action fails to 
disclose various aspects of their recited invention. For example, there is no teaching or 
suggestion in the combination of generating a translation token representative of the 
identification and authentication event, providing the translation token to the domain controller, 
storing the translation token by the domain controller and obtaining a token reference from the 
domain controller, the token reference comprising an index to the stored translation token within 
the domain controller Further, there is no teaching or suggestion in the combination of 
forwarding such a token reference from the initial server to the at least one subsequent server 
along with a request. Still further, there is no teaching or suggestion in the combination of 
translating the authenticated user identity of the initial server to a local user identity of the at 
least one subsequent server, wherein the at least one subsequent server initiates the translating 
employing the token reference received from the initial server. Yet further, there is no teaching 
or suggestion in the combination that the translating includes forwarding the token reference 
from the at least one subsequent server to the domain controller. In addition, there is no 
teaching or suggestion in the combination of employing the token reference at the domain 
controller to retrieve the translation token and translate the authenticated user identity of the 
initial server to the local user identity of the at least one subsequent server employing the global 
registry of the corresponding user identities maintained by the domain controller. 

Still further, upon a review of the applied patents, there is no teaching, suggestion or 
incentive for further modification of the combination as would be necessary to achieve 
Applicants' invention. Makower describes a central sign-on approach which is in contrast to the 
recited environment of Applicants' domain wherein user identity is authenticated at the initial 
server. 
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Yet fiirther, the characterizations of the teachings of Makower and Cuomo stated in the 
Office Action provide no technical basis outside that contained in Applicants' own specification. 
The characterizations of these patents merely assert the language of Applicants' claimed 
invention in hindsight, and notwithstanding that the patents actually teach different processes. 
Thus, the rejection violates the well-known principle that Applicants' own disclosure cannot be 
used as a reference against them. The consistent criterion for the determination of obviousness is 
whether the art would have suggested to one of ordinary skill in the art that the claimed invention 
should be carried out and would have a reasonable likelihood of success, viewed in light of the 
prior art. The suggestion and the expectation of success must be found in the prior art, not in the 
Applicants' disclosure. In re Dow Chemical Comnanv, 5 U.S.P.Q.2d 1529, 1531 (Fed. Cir, 
1998) (multiple citations omitted). The alleged combination at issue is characterized in the 
language of Applicants' own disclosure, rather than an identified basis in the prior art for 
achieving the modifications necessary to arrive at Applicants' invention, in violation of this well- 
known principle. This is yet another, independent reason why the current invention is not 
obvious over the applied art. 

In summary, Applicants traverse the rejection of the claims based on the lack of ?i prima 
facie case of obviousness; the misinterpretations of the teachings of Makower and Cuomo; the 
lack of an actual teaching or suggestion in Makower and Cuomo of their recited invention; the 
lack of any suggestion or incentive in the art for the modifications necessary to achieve their 
invention; and the use of Applicants' own disclosure as a basis for the alleged modifications. 

For at least the above-noted reasons, Applicants respectfully submit that the pending 
claims patentably distinguish over the teachings of Makower and Cuomo. Reconsideration and 
withdrawal of the obviousness rejection based thereon is therefore respectfully requested. 

All pending claims are believed to be in condition for allowance, and such action is 
respectfully requested. 
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* 



If a telephone conference would be of assistance in advancing prosecution of the subject 
application, Applicants' undersigned attorney invites the Examiner to telephone him at the 
number provided. 



Dated: March ^^, 2006, 

HESLIN ROTHENBERG FARLEY & MESITI P.C. 

5 Columbia Circle 

Albany, New York 12203-5 160 

Telephone: (518)452-5600 

Facsimile: (518)452-5579 
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RespectfuUy submitted, 




Kevin P. Radigan, 
Attorney for Applicants 
Registration No.: 31,789 



